Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2aa2af80-7204-4f3a-bf80-e44fc215deab.roa
File:                     2aa2af80-7204-4f3a-bf80-e44fc215deab.roa (raw, json)
Hash identifier:          kJQgQwvadJMivt+kxh9mBuC5EyM4mwWfEB24nx8W0JM=
Subject key identifier:   FC:9E:A2:02:C2:CC:5F:96:3D:B4:33:2C:51:80:53:AD:8D:BC:04:34
Certificate issuer:       /CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
Certificate serial:       63AA98FFDF49D9FEDF43282B969100F1CC81A512
Authority key identifier: 25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2aa2af80-7204-4f3a-bf80-e44fc215deab.roa
Signing time:             Mon 22 Sep 2025 22:15:02 +0000
ROA not before:           Mon 22 Sep 2025 22:15:02 +0000
ROA not after:            Mon 27 Oct 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        18.238.176.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl
                          rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/851cef17-132a-4337-b7d1-bf16a52ffd03.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/2a246947-2d62-4a6c-ba05-87187f0099b2.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/5e4a23ea-e80a-403e-b08c-2171da2157d3.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3.cer
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.crl
                          rsync://rpki.arin.net/repository/arin-rpki-ta/arin-rpki-ta.mft
                          rsync://rpki.arin.net/repository/arin-rpki-ta.cer
Signature path expires:   Sun 19 Oct 2025 14:00:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            63:aa:98:ff:df:49:d9:fe:df:43:28:2b:96:91:00:f1:cc:81:a5:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476
        Validity
            Not Before: Sep 22 22:15:02 2025 GMT
            Not After : Oct 27 23:59:59 2025 GMT
        Subject: serialNumber=7482529d3e0e184a93d27cafaa96c006bd2038339c85f467a947f30e5cb330a1, CN=5f276045-5b9f-45ef-923d-f3fce24a6225
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:97:d0:fa:22:8c:ee:5c:89:0c:fd:84:1c:63:
                    41:9c:09:6f:3d:de:73:bb:32:6c:40:13:52:5c:a7:
                    ee:3b:22:8e:99:8e:25:12:58:31:0d:91:21:34:d7:
                    07:29:67:68:54:75:6d:d5:3a:3e:db:aa:44:69:60:
                    81:8d:15:8c:c7:4a:50:ca:79:5e:4a:3e:2a:23:46:
                    47:a0:62:89:11:a1:bb:f6:4b:43:2e:b6:3f:8d:61:
                    50:d1:64:b7:9f:00:51:f1:03:d1:9a:6a:e5:6e:a8:
                    99:0a:fe:2e:cc:ad:14:c6:53:a8:db:1e:ee:f0:5a:
                    82:ff:84:12:19:d8:0a:a0:81:98:ae:80:69:80:c9:
                    9a:51:31:7a:8d:dd:fa:f8:9b:22:a9:e5:df:eb:d6:
                    49:5e:f9:b4:6f:9a:2f:76:ea:28:f8:07:e8:d6:d0:
                    e2:e8:0a:06:05:da:00:ed:a3:30:19:15:f5:cc:b0:
                    ff:96:9d:99:3c:63:f1:43:74:4c:bb:28:f4:95:a0:
                    3b:e8:e8:de:ce:c3:4f:c9:25:4f:af:fe:f9:55:00:
                    6e:e7:9c:e4:18:25:5b:c2:b1:9d:94:c8:87:7f:8f:
                    23:6a:e7:d6:2d:68:ee:dd:94:fc:96:34:72:5d:83:
                    38:f9:d3:4b:88:09:b0:1a:c0:fc:98:5c:90:6c:01:
                    76:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:9E:A2:02:C2:CC:5F:96:3D:B4:33:2C:51:80:53:AD:8D:BC:04:34
            X509v3 Authority Key Identifier:
                keyid:25:AD:D3:42:B0:1E:B7:A5:8E:AD:19:90:26:88:B5:4B:3F:81:F4:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/851cef17-132a-4337-b7d1-bf16a52ffd03/df6f3b3a34b6386d1a32d8f4fa3178ef31887d8b428dfaa476.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/2aa2af80-7204-4f3a-bf80-e44fc215deab.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/f703696e-e47b-4c20-bd93-6f80904e42d2/tjhtGjLY9PoxeO8xiH2LQo36pHY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  18.238.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         87:ac:32:63:7e:4b:57:40:d2:8d:f8:b9:d7:2f:84:2a:d4:46:
         3d:0a:77:7a:3e:2b:33:2b:f2:e9:14:bb:ec:5d:88:2d:5b:fd:
         b1:68:cd:63:0a:1c:98:d0:07:45:0c:88:5d:6b:44:6a:06:d4:
         1a:80:2e:9c:25:6b:c8:0a:1f:58:d9:33:44:12:23:60:31:2b:
         2b:9b:92:04:16:42:01:7e:18:8a:c8:9f:66:70:82:40:17:9d:
         ae:c8:01:4d:7c:6f:95:80:9a:b6:5e:e2:fb:96:7e:ba:a0:9d:
         4e:b3:e5:82:a0:b4:71:9a:78:f7:d1:5e:de:59:89:7f:a4:b3:
         58:35:54:a6:6b:bf:96:f0:3f:05:a1:bf:b7:d6:5c:94:73:77:
         ee:9a:85:f7:56:5f:88:ee:bf:5e:f0:5e:40:b9:af:40:c6:4f:
         6e:bc:25:4f:ae:97:fc:51:eb:08:64:d2:3b:11:0b:30:60:3f:
         ff:65:03:3a:c0:f7:eb:29:3d:58:21:31:2f:2f:7b:a2:cc:ec:
         12:26:88:bf:3f:e2:0e:02:0e:5e:32:b9:4d:af:6b:a0:1f:2d:
         e3:6a:b7:72:94:af:6f:62:fc:81:5b:18:e7:fc:f5:78:47:e9:
         9b:ab:ab:a2:d2:75:c1:ca:26:5d:a7:e9:e5:de:7b:95:21:28:
         31:07:15:0d
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUY6qY/99J2f7fQygrlpEA8cyBpRIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJkOGY0ZmEzMTc4ZWYz
MTg4N2Q4YjQyOGRmYWE0NzYwHhcNMjUwOTIyMjIxNTAyWhcNMjUxMDI3MjM1OTU5
WjB6MUkwRwYDVQQFE0A3NDgyNTI5ZDNlMGUxODRhOTNkMjdjYWZhYTk2YzAwNmJk
MjAzODMzOWM4NWY0NjdhOTQ3ZjMwZTVjYjMzMGExMS0wKwYDVQQDEyQ1ZjI3NjA0
NS01YjlmLTQ1ZWYtOTIzZC1mM2ZjZTI0YTYyMjUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDtl9D6IozuXIkM/YQcY0GcCW893nO7MmxAE1Jcp+47Io6Z
jiUSWDENkSE01wcpZ2hUdW3VOj7bqkRpYIGNFYzHSlDKeV5KPiojRkegYokRobv2
S0Mutj+NYVDRZLefAFHxA9GaauVuqJkK/i7MrRTGU6jbHu7wWoL/hBIZ2AqggZiu
gGmAyZpRMXqN3fr4myKp5d/r1kle+bRvmi926ij4B+jW0OLoCgYF2gDtozAZFfXM
sP+WnZk8Y/FDdEy7KPSVoDvo6N7Ow0/JJU+v/vlVAG7nnOQYJVvCsZ2UyId/jyNq
59YtaO7dlPyWNHJdgzj500uICbAawPyYXJBsAXbvAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU/J6iAsLMX5Y9tDMsUYBTrY28BDQwHwYDVR0jBBgwFoAUJa3TQrAet6WO
rRmQJoi1Sz+B9LgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi84NTFjZWYxNy0x
MzJhLTQzMzctYjdkMS1iZjE2YTUyZmZkMDMvZGY2ZjNiM2EzNGI2Mzg2ZDFhMzJk
OGY0ZmEzMTc4ZWYzMTg4N2Q4YjQyOGRmYWE0NzYuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvZjcwMzY5NmUtZTQ3Yi00YzIwLWJkOTMtNmY4
MDkwNGU0MmQyLzJhYTJhZjgwLTcyMDQtNGYzYS1iZjgwLWU0NGZjMjE1ZGVhYi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2Y3MDM2OTZlLWU0N2ItNGMyMC1iZDkz
LTZmODA5MDRlNDJkMi90amh0R2pMWTlQb3hlTzh4aUgyTFFvMzZwSFkuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBAIS7rAwDQYJKoZIhvcNAQELBQADggEBAIesMmN+S1dA0o34udcvhCrURj0K
d3o+KzMr8ukUu+xdiC1b/bFozWMKHJjQB0UMiF1rRGoG1BqALpwla8gKH1jZM0QS
I2AxKyubkgQWQgF+GIrIn2ZwgkAXna7IAU18b5WAmrZe4vuWfrqgnU6z5YKgtHGa
ePfRXt5ZiX+ks1g1VKZrv5bwPwWhv7fWXJRzd+6ahfdWX4juv17wXkC5r0DGT268
JU+ul/xR6whk0jsRCzBgP/9lAzrA9+spPVghMS8ve6LM7BImiL8/4g4CDl4yuU2v
a6AfLeNqt3KUr29i/IFbGOf89XhH6Zurq6LSdcHKJl2n6eXee5UhKDEHFQ0=
-----END CERTIFICATE-----